SlideShare a Scribd company logo

Risk based approach to managing privacy (EDPD 2015)

Oskari Rovamo
Oskari Rovamo

Risk-based approach slides from European Data Protection Days 2015 in Berlin.

Law
1 of 9
Download to read offline
1 © Nokia 2015 RISK-BASED APPROACH Managing privacy in a complex global technology business “European Data Protection Days” Conference, 4-5 May 2015 Oskari Rovamo, Global Privacy Counsel Nokia Corporation
2 © Nokia 2015 HERE Nokia Technologies Nokia Networks NOKIA REINVENTED
3 © Nokia 2015 GROUP-WIDE PRIVACY RISK CONTROL FRAMEWORK Responsible for Implementing the Policy and Program, SOP’s. Privacy Owners and Officer(s). Responsible for Policy, Program, Objectives, Group wide requirements and processes, Support Accountable for Nokia Privacy Policy and Program. Sufficiently independent. Nokia Privacy Owner Nokia Group Privacy Officer Networks HERE Technologies Corporate Functions Cross-teams: Security, Legal & Compliance, Enterprise Risk Management, Government Relations, Human Rights, Industry outreach, External Communications 1. Executive Accountability 2. Policies and processes 3. Staff, resources 4. Training and awareness 5. Risk assessment and mitigation 6. Issue response 7. Internal enforcement
4 © Nokia 2015 NOKIA PRIVACY VISION AND PRINCIPLES Aligned with globally recognized privacy frameworks. Serves as the basis for more detailed standard operating procedures, requirements, guidelines and design patterns. We respect privacy Accountable, fair and lawful processing Privacy by Design Transparency, choice and individual participation Collection and purpose limitation Data management Limited and controlled disclosures Security safeguards
5 © Nokia 2015 KNOW YOUR RISKS, THEN MITIGATE THEM Principles Threats, Harm Residual Risk Risk Different privacy analysis approaches: • Goal-oriented • Risk-based • Combination/hybrid Controls Requirements
6 © Nokia 2015 WHAT PRIVACY ANALYSIS APPROACH DO YOU USE? a) Goal-oriented e.g. processes where defined, repeatable and easy- to-follow privacy requirements are turned into privacy controls. b) Risk-based e.g. privacy impact assessment is used to identify treats and harm as well as to determine the risk; privacy controls proposed to treat the risk. c) Combination/hybrid e.g. processes combine both goal-oriented and risk-based approaches. d) Other/none e.g. no privacy analysis is done.
7 © Nokia 2015 PRIVACY ENGINEERING & ASSURANCE COMPONETS Principles, Statements, Requirements, Procedures, Guidelines, Patterns Planning & Concepting Threat Assessment and Mitigation Privacy requirements identification Design, Implement, Test Map privacy requirements into product features Select guidelines, patterns Review Against requirements Can be standalone Release Assessment Sign-off Evidence Evidence Privacy Engineering Privacy Assurance Privacy Knowledge Base Evidence
8 © Nokia 2015 THANK YOU!
Risk based approach to managing privacy (EDPD 2015)

Recommended

Bill checkpoint
Bill checkpointBill checkpoint
Bill checkpointBilly Cox
 
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions ArchitectNTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions ArchitectNorth Texas Chapter of the ISSA
 
Tufin SecureCloud
Tufin SecureCloudTufin SecureCloud
Tufin SecureCloudMatt Kerr
 
External TGF brand presentation Final - no video
External TGF brand presentation Final - no videoExternal TGF brand presentation Final - no video
External TGF brand presentation Final - no videoKaris Higson BA (Hons), MSc
 
IoTC - The Future of IoT Privacy & Security Task Force
IoTC - The Future of IoT Privacy & Security Task ForceIoTC - The Future of IoT Privacy & Security Task Force
IoTC - The Future of IoT Privacy & Security Task ForceChristopher P. Williams
 
Cyber Tech Corporate
Cyber Tech CorporateCyber Tech Corporate
Cyber Tech Corporaterolfpost
 
Cognizant EBA-ERSS
Cognizant EBA-ERSSCognizant EBA-ERSS
Cognizant EBA-ERSSNitin Sharma
 
Cyber Security Regional Forum: APNIC's cybersecurity work in the Pacific
Cyber Security Regional Forum: APNIC's cybersecurity work in the PacificCyber Security Regional Forum: APNIC's cybersecurity work in the Pacific
Cyber Security Regional Forum: APNIC's cybersecurity work in the PacificAPNIC
 

Recommended

Bill checkpoint
Bill checkpointBill checkpoint
Bill checkpointBilly Cox
 
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions ArchitectNTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions ArchitectNorth Texas Chapter of the ISSA
 
Tufin SecureCloud
Tufin SecureCloudTufin SecureCloud
Tufin SecureCloudMatt Kerr
 
External TGF brand presentation Final - no video
External TGF brand presentation Final - no videoExternal TGF brand presentation Final - no video
External TGF brand presentation Final - no videoKaris Higson BA (Hons), MSc
 
IoTC - The Future of IoT Privacy & Security Task Force
IoTC - The Future of IoT Privacy & Security Task ForceIoTC - The Future of IoT Privacy & Security Task Force
IoTC - The Future of IoT Privacy & Security Task ForceChristopher P. Williams
 
Cyber Tech Corporate
Cyber Tech CorporateCyber Tech Corporate
Cyber Tech Corporaterolfpost
 
Cognizant EBA-ERSS
Cognizant EBA-ERSSCognizant EBA-ERSS
Cognizant EBA-ERSSNitin Sharma
 
Cyber Security Regional Forum: APNIC's cybersecurity work in the Pacific
Cyber Security Regional Forum: APNIC's cybersecurity work in the PacificCyber Security Regional Forum: APNIC's cybersecurity work in the Pacific
Cyber Security Regional Forum: APNIC's cybersecurity work in the PacificAPNIC
 
Nokia_Final (1)
Nokia_Final (1)Nokia_Final (1)
Nokia_Final (1)Samantha Kussmann
 
Nokia Corporate Strategy Critique
Nokia Corporate Strategy CritiqueNokia Corporate Strategy Critique
Nokia Corporate Strategy CritiqueMotaz Agamawi
 
Business environment and analysis of nokia
Business environment and analysis of nokiaBusiness environment and analysis of nokia
Business environment and analysis of nokiashaunakbajpai
 
Presentation on nokia overall started
Presentation on nokia overall startedPresentation on nokia overall started
Presentation on nokia overall startedANSHU TIWARI
 
NOKIA PRESENTATION
NOKIA PRESENTATIONNOKIA PRESENTATION
NOKIA PRESENTATIONSurjeet Singh
 
Failure of nokia
Failure of nokiaFailure of nokia
Failure of nokiaKaran Chaudhary
 
PPT - Powerful Presentation Techniques
PPT - Powerful Presentation TechniquesPPT - Powerful Presentation Techniques
PPT - Powerful Presentation TechniquesUniversity of Wisconsin Milwaukee
 
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE360 BSI
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013Magda CHELLY, Ph.D, S-CISO, CISSP®
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE360 BSI
 
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAECybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE360 BSI
 
12 Best Privacy Frameworks
12 Best Privacy Frameworks12 Best Privacy Frameworks
12 Best Privacy FrameworksAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...360 BSI
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 
Data Privacy Protection Competrency Guide by a Data Subject
Data Privacy Protection Competrency Guide by a Data SubjectData Privacy Protection Competrency Guide by a Data Subject
Data Privacy Protection Competrency Guide by a Data SubjectJohn Macasio
 
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...360 BSI
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...360 BSI
 
CV 2.4 18/06/2016
CV 2.4 18/06/2016CV 2.4 18/06/2016
CV 2.4 18/06/2016Neil Barnacle FBCS CITP
 
New Branded CS.AkzoNobel.Montataire_15.7b_2016
New Branded CS.AkzoNobel.Montataire_15.7b_2016New Branded CS.AkzoNobel.Montataire_15.7b_2016
New Branded CS.AkzoNobel.Montataire_15.7b_2016Jean-Marc LEON
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
 
CIPM
CIPMCIPM
CIPMMustafa Kuğu
 

More Related Content

Viewers also liked

Nokia Corporate Strategy Critique
Nokia Corporate Strategy CritiqueNokia Corporate Strategy Critique
Nokia Corporate Strategy CritiqueMotaz Agamawi
 
Business environment and analysis of nokia
Business environment and analysis of nokiaBusiness environment and analysis of nokia
Business environment and analysis of nokiashaunakbajpai
 
Presentation on nokia overall started
Presentation on nokia overall startedPresentation on nokia overall started
Presentation on nokia overall startedANSHU TIWARI
 

Viewers also liked (7)

Nokia_Final (1)
Nokia_Final (1)Nokia_Final (1)
Nokia_Final (1)
 
Nokia Corporate Strategy Critique
Nokia Corporate Strategy CritiqueNokia Corporate Strategy Critique
Nokia Corporate Strategy Critique
 
Business environment and analysis of nokia
Business environment and analysis of nokiaBusiness environment and analysis of nokia
Business environment and analysis of nokia
 
Presentation on nokia overall started
Presentation on nokia overall startedPresentation on nokia overall started
Presentation on nokia overall started
 
NOKIA PRESENTATION
NOKIA PRESENTATIONNOKIA PRESENTATION
NOKIA PRESENTATION
 
Failure of nokia
Failure of nokiaFailure of nokia
Failure of nokia
 
PPT - Powerful Presentation Techniques
PPT - Powerful Presentation TechniquesPPT - Powerful Presentation Techniques
PPT - Powerful Presentation Techniques
 

Similar to Risk based approach to managing privacy (EDPD 2015)

IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE360 BSI
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE360 BSI
 
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAECybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE360 BSI
 
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...360 BSI
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 
Data Privacy Protection Competrency Guide by a Data Subject
Data Privacy Protection Competrency Guide by a Data SubjectData Privacy Protection Competrency Guide by a Data Subject
Data Privacy Protection Competrency Guide by a Data SubjectJohn Macasio
 
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...360 BSI
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...360 BSI
 
New Branded CS.AkzoNobel.Montataire_15.7b_2016
New Branded CS.AkzoNobel.Montataire_15.7b_2016New Branded CS.AkzoNobel.Montataire_15.7b_2016
New Branded CS.AkzoNobel.Montataire_15.7b_2016Jean-Marc LEON
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
 
A case study on Protecting information in an online learning environment
A case study on Protecting information in an online learning environmentA case study on Protecting information in an online learning environment
A case study on Protecting information in an online learning environmentguest41dd05
 
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by KinvergPECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by KinvergKinverg
 
PROFESSIONAL CERTIFICATE IN SECURITY MANAGEMENT - FOR TODAY'S LEADERS
PROFESSIONAL CERTIFICATE IN SECURITY MANAGEMENT - FOR TODAY'S LEADERSPROFESSIONAL CERTIFICATE IN SECURITY MANAGEMENT - FOR TODAY'S LEADERS
PROFESSIONAL CERTIFICATE IN SECURITY MANAGEMENT - FOR TODAY'S LEADERSRuth Jones
 
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAEIT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE360 BSI
 

Similar to Risk based approach to managing privacy (EDPD 2015) (20)

IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
 
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAECybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
 
12 Best Privacy Frameworks
12 Best Privacy Frameworks12 Best Privacy Frameworks
12 Best Privacy Frameworks
 
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 
Data Privacy Protection Competrency Guide by a Data Subject
Data Privacy Protection Competrency Guide by a Data SubjectData Privacy Protection Competrency Guide by a Data Subject
Data Privacy Protection Competrency Guide by a Data Subject
 
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
 
CV 2.4 18/06/2016
CV 2.4 18/06/2016CV 2.4 18/06/2016
CV 2.4 18/06/2016
 
New Branded CS.AkzoNobel.Montataire_15.7b_2016
New Branded CS.AkzoNobel.Montataire_15.7b_2016New Branded CS.AkzoNobel.Montataire_15.7b_2016
New Branded CS.AkzoNobel.Montataire_15.7b_2016
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
 
CIPM
CIPMCIPM
CIPM
 
A case study on Protecting information in an online learning environment
A case study on Protecting information in an online learning environmentA case study on Protecting information in an online learning environment
A case study on Protecting information in an online learning environment
 
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by KinvergPECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
 
Alpes strategie v5
Alpes strategie v5Alpes strategie v5
Alpes strategie v5
 
PROFESSIONAL CERTIFICATE IN SECURITY MANAGEMENT - FOR TODAY'S LEADERS
PROFESSIONAL CERTIFICATE IN SECURITY MANAGEMENT - FOR TODAY'S LEADERSPROFESSIONAL CERTIFICATE IN SECURITY MANAGEMENT - FOR TODAY'S LEADERS
PROFESSIONAL CERTIFICATE IN SECURITY MANAGEMENT - FOR TODAY'S LEADERS
 
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAEIT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE
 

Recently uploaded

Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxsrikarna235
 
如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书 如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书Fir sss
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书Fir L
 
Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionTrial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionNilamPadekar1
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书SD DS
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书SD DS
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书Sir Lt
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书Fir L
 
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书Fs Las
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书Fir sss
 
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书Fs Las
 
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》o8wvnojp
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Dr. Oliver Massmann
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书SD DS
 
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxAn Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxKUHANARASARATNAM1
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书SD DS
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesritwikv20
 
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书FS LS
 

Recently uploaded (20)

Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
 
如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书 如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书
 
Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionTrial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 sedition
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A History
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书
 
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
 
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
 
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxAn Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
 
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
 

Risk based approach to managing privacy (EDPD 2015)

  • 1. 1 © Nokia 2015 RISK-BASED APPROACH Managing privacy in a complex global technology business “European Data Protection Days” Conference, 4-5 May 2015 Oskari Rovamo, Global Privacy Counsel Nokia Corporation
  • 2. 2 © Nokia 2015 HERE Nokia Technologies Nokia Networks NOKIA REINVENTED
  • 3. 3 © Nokia 2015 GROUP-WIDE PRIVACY RISK CONTROL FRAMEWORK Responsible for Implementing the Policy and Program, SOP’s. Privacy Owners and Officer(s). Responsible for Policy, Program, Objectives, Group wide requirements and processes, Support Accountable for Nokia Privacy Policy and Program. Sufficiently independent. Nokia Privacy Owner Nokia Group Privacy Officer Networks HERE Technologies Corporate Functions Cross-teams: Security, Legal & Compliance, Enterprise Risk Management, Government Relations, Human Rights, Industry outreach, External Communications 1. Executive Accountability 2. Policies and processes 3. Staff, resources 4. Training and awareness 5. Risk assessment and mitigation 6. Issue response 7. Internal enforcement
  • 4. 4 © Nokia 2015 NOKIA PRIVACY VISION AND PRINCIPLES Aligned with globally recognized privacy frameworks. Serves as the basis for more detailed standard operating procedures, requirements, guidelines and design patterns. We respect privacy Accountable, fair and lawful processing Privacy by Design Transparency, choice and individual participation Collection and purpose limitation Data management Limited and controlled disclosures Security safeguards
  • 5. 5 © Nokia 2015 KNOW YOUR RISKS, THEN MITIGATE THEM Principles Threats, Harm Residual Risk Risk Different privacy analysis approaches: • Goal-oriented • Risk-based • Combination/hybrid Controls Requirements
  • 6. 6 © Nokia 2015 WHAT PRIVACY ANALYSIS APPROACH DO YOU USE? a) Goal-oriented e.g. processes where defined, repeatable and easy- to-follow privacy requirements are turned into privacy controls. b) Risk-based e.g. privacy impact assessment is used to identify treats and harm as well as to determine the risk; privacy controls proposed to treat the risk. c) Combination/hybrid e.g. processes combine both goal-oriented and risk-based approaches. d) Other/none e.g. no privacy analysis is done.
  • 7. 7 © Nokia 2015 PRIVACY ENGINEERING & ASSURANCE COMPONETS Principles, Statements, Requirements, Procedures, Guidelines, Patterns Planning & Concepting Threat Assessment and Mitigation Privacy requirements identification Design, Implement, Test Map privacy requirements into product features Select guidelines, patterns Review Against requirements Can be standalone Release Assessment Sign-off Evidence Evidence Privacy Engineering Privacy Assurance Privacy Knowledge Base Evidence
  • 8. 8 © Nokia 2015 THANK YOU!